National Cyber Warfare Foundation (NCWF)

Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the Forti Forty

2024-03-14 12:46:04
milo
Blue Team (CND)


Earlier this year, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt for a set of new research targets. Fortinet seemed like a decent place to start given the variety of lesser-known security appliances I had noticed while searching for the FortiNAC firmware. The first target I landed on was the Fortinet Wireless LAN Manager (WLM). The security audit of this appliance began what became the successful, but failed journey of what I dubbed the “Forti Forty” – a goal to find 40 CVEs in Fortinet appliances. The journey ended in 16 mostly critical and high security issues identified across the FortiWLM, FortiSIEM, and another appliance before it was cut short when Fortinet’s download portal no longer provided access to download their appliances.

This blog details several of the issues discovered in the FortiWLM that have since been patched:

- CVE-2023-34993 – Multiple Unauthenticated Command Injections – PSIRT-23-140
- CVE-2023-34991 – Unauthenticated SQL Injection – PSIRT-23-142
- CVE-2023-42783 – Unauthenticated Arbitrary File Read – PSIRT-23-143
- CVE-2023-48782 – Authenticated Command Injection – PSIRT-23-450

Additionally, two vulnerabilities that have not received patches, leading to appliance compromise:

- Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log […]


The post Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” appeared first on Horizon3.ai.


The post Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” appeared first on Security Boulevard.



Zach Hanley

Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/03/fortinet-fortiwlm-deep-dive-iocs-and-the-almost-story-of-the-forti-forty/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.